一、LDAP server在哪

By default, Spring Security’s LDAP authentication assumes that the LDAP server is listening on port 33389 on localhost. But if your LDAP server is on another machine,you can use the contextSource() method to configure the location:

 @Override

 protected void configure(AuthenticationManagerBuilder auth)

 throws Exception {

     auth

         .ldapAuthentication()

         .userSearchBase("ou=people")

         .userSearchFilter("(uid={0})")

         .groupSearchBase("ou=groups")

         .groupSearchFilter("member={0}")

         .contextSource().url("ldap://habuma.com:389/dc=habuma,dc=com");

 }

The contextSource() method returns a ContextSourceBuilder , which, among other things, offers the url() method that lets you specify the location of the LDAP server.

二、设置LDAP server

If you don’t happen to have an LDAP server lying around waiting to be authenticated
against, Spring Security can provide an embedded LDAP server for you. Instead of set-
ting the URL to a remote LDAP server, you can specify the root suffix for the embed-
ded server via the root() method:

 @Override

 protected void configure(AuthenticationManagerBuilder auth)

 throws Exception {

     auth

         .ldapAuthentication()

         .userSearchBase("ou=people")

         .userSearchFilter("(uid={0})")

         .groupSearchBase("ou=groups")

         .groupSearchFilter("member={0}")

         .contextSource()

         .root("dc=habuma,dc=com");

 }

When the LDAP server starts, it will attempt to load data from any LDIF files that it can
find in the classpath. LDIF ( LDAP Data Interchange Format) is a standard way of rep-
resenting LDAP data in a plain text file. Each record is composed of one or more lines,
each containing a name:value pair. Records are separated from each other by blank
lines.
If you’d rather that Spring not rummage through your classpath looking for just
any LDIF files it can find, you can be more explicit about which LDIF file gets loaded
by calling the ldif() method:

 @Override

 protected void configure(AuthenticationManagerBuilder auth)

 throws Exception {

     auth.ldapAuthentication()

         .userSearchBase("ou=people")

         .userSearchFilter("(uid={0})")

         .groupSearchBase("ou=groups")

         .groupSearchFilter("member={0}")

         .contextSource()

         .root("dc=habuma,dc=com")

         .ldif("classpath:users.ldif");

 }

Here you specifically ask the LDAP server to load its content from the users.ldif file at
the root of the classpath. In case you’re curious, here’s an LDIF file that you could use
to load the embedded LDAP server with user data:

 dn: ou=groups,dc=habuma,dc=com

 objectclass: top

 objectclass: organizationalUnit

 ou: groups

 dn: ou=people,dc=habuma,dc=com

 objectclass: top

 objectclass: organizationalUnit

 ou: people

 dn: uid=habuma,ou=people,dc=habuma,dc=com

 objectclass: top

 objectclass: person

 objectclass: organizationalPerson

 objectclass: inetOrgPerson

 cn: Craig Walls

 sn: Walls

 uid: habuma

 userPassword: password

 dn: uid=jsmith,ou=people,dc=habuma,dc=com

 objectclass: top

 objectclass: person

 objectclass: organizationalPerson

 objectclass: inetOrgPerson

 cn: John Smith

 sn: Smith

 uid: jsmith

 userPassword: password

 dn: cn=spittr,ou=groups,dc=habuma,dc=com

 objectclass: top

 objectclass: groupOfNames

 cn: spittr

 member: uid=habuma,ou=people,dc=habuma,dc=com

Spring Security’s built-in user stores are convenient and cover the most common use
cases. But if your authentication needs are of the uncommon variety, you may need to
create and configure a custom user-details service.

SPRING IN ACTION 第4版笔记-第九章Securing web applications-007-设置LDAP server比较密码(contextSource、root()、ldif()、)的更多相关文章

  1. SPRING IN ACTION 第4版笔记-第九章Securing web applications-001-SpringSecurity简介(DelegatingFilterProxy、AbstractSecurityWebApplicationInitializer、WebSecurityConfigurerAdapter、@EnableWebSecurity、@EnableWebMvcS)

    一.SpringSecurity的模块 At the least, you’ll want to include the Core and Configuration modules in your ...

  2. SPRING IN ACTION 第4版笔记-第九章Securing web applications-011-把敏感信息请求转为https(requiresChannel())

    1.把包含敏感信息的请求转为https请求,则较为安全,但如何只把有需要安全的请求转为https,而不是不加分辩就把所有请求都转为https呢?可以用requiresChannel() @Overri ...

  3. SPRING IN ACTION 第4版笔记-第九章Securing web applications-010-拦截请求

    一. What if you wanted to restrict access to certain roles only on Tuesday? Using the access() method ...

  4. SPRING IN ACTION 第4版笔记-第九章Securing web applications-008-使用非关系型数据库时如何验证用户(自定义UserService)

    一. 1.定义接口 Suppose that you need to authenticate against users in a non-relational database suchas Mo ...

  5. SPRING IN ACTION 第4版笔记-第九章Securing web applications-004-对密码加密passwordEncoder

    一. 1.Focusing on the authentication query, you can see that user passwords are expected to be stored ...

  6. SPRING IN ACTION 第4版笔记-第九章Securing web applications-003-把用户数据存在数据库

    一. 1.It’s quite common for user data to be stored in a relational database, accessed via JDBC . To c ...

  7. SPRING IN ACTION 第4版笔记-第九章Securing web applications-002-把用户数据存在memory里(AuthenticationManagerBuilder、 UserDetailsManagerConfigurer.UserDetailsBuilder)

    Spring Security is extremely flexible and is capable of authenticating users against virtually any d ...

  8. SPRING IN ACTION 第4版笔记-第九章Securing web applications-009-拦截请求()

    一. 对特定的请求拦截 For example, consider the requests served by the Spittr application. Certainly, thehome ...

  9. SPRING IN ACTION 第4版笔记-第九章Securing web applications-006-用LDAP比较密码(passwordCompare()、passwordAttribute("passcode")、passwordEncoder(new Md5PasswordEncoder()))

    一. The default strategy for authenticating against LDAP is to perform a bind operation,authenticatin ...

随机推荐

  1. (转)SqlServer数据库大型应用解决方案总结

    随着互联网应用的广泛普及,海量数据的存储和访问成为了系统设计的瓶颈问题.对于一个大型的互联网应用,每天百万级甚至上亿的PV无疑对数据库造成了相当高的负载.对于系统的稳定性和扩展性造成了极大的问题. 一 ...

  2. jQuery-ui treegird 使用

    在实际应用中可能会碰到不同的需求,比如会根据每行不同的参数或属性设置来设置同列不同的editor类型,这时原有的例子就显的有点太过简单,不能实现我们的需求,现在应用我在项目中的操作为例,显示下实现同列 ...

  3. HDU1857题解(逆向思维trie)

    题目link:http://acm.hdu.edu.cn/showproblem.php?pid=1857 先简述一下题目: 有一个RXC的字母矩形,R,C在500内,要匹配m个单词,m在100000 ...

  4. Poj 2583 Series Determination

    1.Link: http://poj.org/problem?id=2583 2.Content: Series Determination Time Limit: 1000MS   Memory L ...

  5. 用一天的时间学习Java EE中的SSH框架

    首先说明一下,本人目前主要从事.NET领域的工作,但对于C++.Java.OC等语言也略知一二,周末闲来无事,特花费一天的时间学习了一下Java中的SSH框架,希望把学习过程中的心得体会与园友们进行分 ...

  6. 一.Nginx的特性和一些知识点

    一.Nginx的特性和一些知识点 1.基本功能服务器      处理静态文件(静态资源的web),支持 反向代理服务器,支持缓存.负载均衡.支持FastCGI      模块化机制,非DOS机制,支持 ...

  7. PHP 魔术方法 __sleep __wakeup(四)

    串行化serialize可以把变量包括对象,转化成连续bytes数据. 你可以将串行化后的变量存在一个文件里或在网络上传输. 然后再反串行化还原为原来的数据. 你在反串行化类的对象之前定义的类,PHP ...

  8. Geographic Coordinate Systems

    Coordinate Systems Geographic Coordinate Systems This is an archive of a previous version of the Arc ...

  9. Java Thread and runnable

    java中可有两种方式实现多线程, 一种是继承Thread类,(Thread本身实现了Runnable接口,就是说需要写void run 方法,来执行相关操作) 一种是实现Runnable接口 sta ...

  10. php调试利器 -- xdebug

    之前整理在印象笔记中,现在搬出来.分本地调试和远程调试.本文亲测通过并截图,有问题欢迎留言探讨. (参考网上多位前辈的博客,整理在笔记里忘记保存原文链接,这里无法贴出链接,望见谅)   # 痛处 一般 ...